=====================================================================

                                CERT-Renater

                      Note d'Information No. 2024/VULN092
_____________________________________________________________________

DATE                : 07/03/2024

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Google Chrome versions prior to 
                               122.0.6261.111/.112.

=====================================================================
https://chromereleases.googleblog.com/2024/03/stable-channel-update-for-desktop.html
_____________________________________________________________________


Stable Channel Update for Desktop
Tuesday, March 5, 2024

  The Stable channel has been updated to 122.0.6261.111/.112 for
Windows and Mac and 122.0.6261.111 to Linux which will roll out over
the coming days/weeks. A full list of changes in this build is
available in the Log.



The Extended Stable channel has been updated to 122.0.6261.112 for
Windows and Mac which will roll out over the coming days/weeks.


  Security Fixes and Rewards

Note: Access to bug details and links may be kept restricted until
a majority of users are updated with a fix. We will also retain
restrictions if the bug exists in a third party library that other
projects similarly depend on, but haven’t yet fixed.


This update includes 3 security fixes. Below, we highlight fixes
that were contributed by external researchers. Please see the
Chrome Security Page for more information.


[$12000][325893559] High CVE-2024-2173: Out of bounds memory access
in V8. Reported by 5fceb6172bbf7e2c5a948183b53565b9 on 2024-02-19

[$7000][325866363] High CVE-2024-2174: Inappropriate implementation
in V8. Reported by 5f46f4ee2e17957ba7b39897fb376be8 on 2024-02-19

[$6000][325936438] High CVE-2024-2176: Use after free in FedCM.
Reported by Anonymous on 2024-02-20


We would also like to thank all security researchers that worked with
us during the development cycle to prevent security bugs from ever
reaching the stable channel.


Many of our security bugs are detected using AddressSanitizer,
MemorySanitizer, UndefinedBehaviorSanitizer, Control Flow Integrity,
libFuzzer, or AFL.


Interested in switching release channels? Find out how here. If you
find a new issue, please let us know by filing a bug. The community
help forum is also a great place to reach out for help or learn
about common issues.


Prudhvikumar Bommana

Google Chrome


=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================